CLAIMS

What is claimed is:

1. A method for a first device and a second device to maintain synchronization of a shared, dynamic secret, the method comprising:
    the second device sending an authentication request to the first device;
    the first device, in response to the authentication request,
        authenticating the second device,
        sending an authentication reply to the second device, and
        advancing a first copy of the secret;
    the second device, in response to the authentication reply,
        advancing a second copy of the secret;
    the first device,
        sending data to the second device,
        again advancing the first copy of the secret, and
        sending a data completion message to the second device;
    the second device,
        consuming the data, and
        in response to the data completion message, again advancing the second copy of the secret.

2. The method of claim 1 wherein the first device comprises a server and the second device comprises a web appliance.

3. The method of claim 1 further comprising:
    the first device storing the again advanced first copy of the secret; and
    the second device storing the again advanced second copy of the secret.

4. The method of claim 1 further comprising:
    executing a recovery technique in response to the first and second copies of the secret becoming out of synchronization.



Docket No. 42390.P12062 






5. A system for use on a network, the system comprising:
    a server including,
        a communication interface,
        a processor for performing logic operations,
        storage,
        stored in the storage, a first copy of a secret,
        a secret validator, and
        means for advancing the first copy of the secret;
    a web appliance including,
        a communication interface coupling the web appliance to the server over the network,
        a processor for performing logic operations,
        storage,
        stored in the storage of the web appliance, a second copy of the secret,
        means for advancing the second copy of the secret; and
    the server and the web appliance further including,
        a protocol for recovering synchronization of the first and second copies of the secret,

6. The system of claim 5 wherein the secret comprises a PIN.

7. The system of claim 6 wherein the PIN comprises a number of at least 80 bits.

8. A method for a client device to maintain synchronization of a first copy of a secret stored on the client device with a second copy of the secret stored on a server device, the method comprising the client device:
    sending an authorization request to the server device;
    in response to receiving from the server device an authentication reply,
        advancing the first copy of the secret; and
    in response to receiving data from the server device,
        consuming the data, and
        again advancing the first copy of the secret.

9. The method of claim 8 further comprising the client device:
    in response to receiving data from the server device,
        storing the again advanced first copy of the secret.

10. The method of claim 8 further comprising the client device:
    in response to not receiving an affirmative authentication reply from the server device,
        (a) advancing the first copy of the secret,
        (b) sending the advanced first copy of the secret to the server device.

11. The method of claim 10 wherein the (a) advancing the first copy of the secret comprises twice advancing the first copy of the secret.

12. A method for a server to authenticate an appliance that is in communication with the server, the method comprising the server:
    receiving from the appliance an authentication request;
    sending an authentication reply to the appliance;
    advancing a first copy of a secret stored on the server;
    sending data to the appliance;
    sending a data completion message to the appliance;
    again advancing the first copy of the secret; and
    storing the again advanced first copy of the secret on the server.

13. The method of claim 12 wherein the secret is a PIN.

14. The method of claim 12 wherein the secret comprises a value of at least 80 bits.

15. The method of claim 12 further comprising:
    determining that the appliance is not authentic and, responsive to that determination,
        logging the authentication request, and
        disconnecting communication to the appliance.

16. An article of manufacture comprising:
    a machine-accessible medium including instructions that, when accessed by a machine, cause the machine to perform the method of claim 8.

17. The article of manufacture of claim 16 further comprising:
    instructions that, when accessed by the machine, cause the machine to perform the method of claim 10.

18. An article of manufacture comprising:
    a machine-accessible medium including instructions that, when accessed by a machine, cause the machine to perform the method of claim 12.

19. The article of manufacture of claim 16 further comprising:
    instructions that, when accessed by the machine, cause the machine to perform the method of claim 15.
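
An added illustration, not part of the claims or of any implementation by the applicant: a simulation of the advance points in claims 1 and 12 and of the recovery step in claims 10 and 11, run for the case where the data completion message is lost. The claims do not say how a secret is advanced, validated or recovered, so the SHA-256 advance step, the HMAC proof sent in place of the secret itself, the server's bounded look-ahead (`WINDOW`) and all class and function names are assumptions.

```python
import hashlib
import hmac

WINDOW = 4  # assumed bound on how far the server looks ahead during recovery

def advance(secret: bytes) -> bytes:
    # Assumed advance step: one-way hash truncated to 128 bits (>= 80 bits).
    return hashlib.sha256(b"advance" + secret).digest()[:16]

def proof(secret: bytes) -> bytes:
    # Assumed wire value: an HMAC tag keyed by the secret, not the secret itself.
    return hmac.new(secret, b"auth", hashlib.sha256).digest()

class Server:
    def __init__(self, secret: bytes):
        self.secret, self.log = secret, []
    def authenticate(self, tag: bytes) -> bool:
        if not hmac.compare_digest(tag, proof(self.secret)):
            self.log.append("auth failed")  # log the request, then disconnect
            return False
        self.secret = advance(self.secret)  # advance after the reply
        return True
    def send_data(self) -> None:
        self.secret = advance(self.secret)  # again advance, then send completion
    def recover(self, tag: bytes) -> bool:
        candidate = self.secret
        for _ in range(WINDOW + 1):  # bounded forward search, never backwards
            if hmac.compare_digest(tag, proof(candidate)):
                self.secret = candidate
                return True
            candidate = advance(candidate)
        return False

class Appliance:
    def __init__(self, secret: bytes):
        self.secret = secret
    def step(self) -> None:  # on authentication reply and on data completion
        self.secret = advance(self.secret)
    def recover(self) -> bytes:
        self.secret = advance(advance(self.secret))  # advance twice, then send
        return proof(self.secret)

def lost_completion_demo(seed: bytes = bytes(16)):  # constructed all-zero seed
    srv, app = Server(seed), Appliance(seed)
    ok = srv.authenticate(proof(app.secret))
    app.step()
    srv.send_data()  # completion message never reaches the appliance
    rejected = not srv.authenticate(proof(app.secret))
    resynced = srv.recover(app.recover()) and srv.secret == app.secret
    return ok, rejected, resynced
```

In this model the appliance can be at most two advances behind the server after one interrupted session, so advancing twice always lands on a value inside the server's forward window.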